offensivedefence.co.uk Open in urlscan Pro
185.199.110.153 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://offensivedefence.co.uk/posts/dinvoke-syscalls/
Submission: On February 01 via api (February 1st 2021, 3:01:09 pm UTC) from US

Summary HTTP 12 Redirects Links 3 Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 12 HTTP transactions. The main IP is 185.199.110.153, located in United States and belongs to FASTLY, US. The main domain is offensivedefence.co.uk.
TLS certificate: Issued by R3 on December 7th 2020. Valid for: 3 months.

This is the only time offensivedefence.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
8	185.199.110.153 185.199.110.153		54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6812:1634		13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:e6:... 2606:4700:e6::ac40:cb1c		13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	3

8 185.199.110.153 (United States)

ASN54113 (FASTLY, US)

offensivedefence.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1634 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e6::ac40:cb1c (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	offensivedefence.co.uk offensivedefence.co.uk	398 KB
4	fontawesome.com kit.fontawesome.com ka-f.fontawesome.com	23 KB
12	2

	Domain	Requested by
8	offensivedefence.co.uk	offensivedefence.co.uk
3	ka-f.fontawesome.com	kit.fontawesome.com
1	kit.fontawesome.com	offensivedefence.co.uk
12	3

This site contains links to these domains. Also see Links.

Domain
www.rohitab.com
j00ru.vexillium.org
github.com

Subject Issuer	Validity	Valid
offensivedefence.co.uk R3	`2020-12-07` - `2021-03-07`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-12-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-13` - `2021-10-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
Frame ID: 1146F9C66283B6BF81035961585BCE3D
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Hugo (Static Site Generator) Expand

Overall confidence: 100%
Detected patterns

meta generator /Hugo ([\d.]+)?/i

Ruby (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /^GitHub\.com$/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

headers server /^GitHub\.com$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<script[^>]* src=[^>]+fontawesome(?:\.js)?/i

GitHub Pages (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^GitHub\.com$/i

Page Statistics

12
Requests

100 %
HTTPS

67 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

420 kB
Transfer

567 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: http://www.rohitab.com/apimonitor
Title: API Monitor

Search URL Search Domain Scan URL

URL: https://j00ru.vexillium.org/
Title: syscall lookup tables

Search URL Search Domain Scan URL

URL: https://github.com/TheWover/DInvoke/blob/main/DInvoke/DInvoke/SharedData/Native.cs
Title: NTSTATUS

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
offensivedefence.co.uk/posts/dinvoke-syscalls/ 83 KB
12 KB 218ms
126ms Document
text/html 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 83084cbed8d1d0da67b56e46617cace3a31448f2d0b2458f43645167c601e56e

Request headers

:method: GET
:authority: offensivedefence.co.uk
:scheme: https
:path: /posts/dinvoke-syscalls/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
server: GitHub.com
last-modified: Sun, 24 Jan 2021 19:59:05 GMT
access-control-allow-origin: *
etag: W/"600dd189-14ade"
expires: Mon, 01 Feb 2021 15:10:49 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 505A:2A05:103B3E5:112B33D:601817A1
accept-ranges: bytes
date: Mon, 01 Feb 2021 15:00:49 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-cph20634-CPH
x-cache: MISS
x-cache-hits: 0
x-timer: S1612191650.735222,VS0,VE104
vary: Accept-Encoding
x-fastly-request-id: 1f00929ce858b988c52a3720a7a993ec5a984293
content-length: 11473

GET
H2 200 main.min.f90f5edd436ec7b74ad05479a05705770306911f721193e7845948fb07fe1335.css
offensivedefence.co.uk/css/ 2 KB
852 B 119ms
119ms Stylesheet
text/css 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://offensivedefence.co.uk/css/main.min.f90f5edd436ec7b74ad05479a05705770306911f721193e7845948fb07fe1335.css
Requested by: Host: offensivedefence.co.uk
URL: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: f90f5edd436ec7b74ad05479a05705770306911f721193e7845948fb07fe1335

Request headers

Referer: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: aa4e39675f1154950b6e72ae2e6163b5566af642
date: Mon, 01 Feb 2021 15:00:49 GMT
content-encoding: gzip
age: 0
x-cache: MISS
content-length: 694
x-served-by: cache-cph20634-CPH
access-control-allow-origin: *
last-modified: Sun, 24 Jan 2021 19:59:05 GMT
server: GitHub.com
x-github-request-id: 8B66:2553:539EE9:5846A4:601817A1
x-timer: S1612191650.865336,VS0,VE101
etag: W/"600dd189-623"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 varnish
expires: Mon, 01 Feb 2021 15:10:49 GMT
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 89e1a73a2b.js Show response
kit.fontawesome.com/ 11 KB
4 KB 51ms
51ms Script
text/javascript 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/89e1a73a2b.js

Requested by

Host: offensivedefence.co.uk
URL: https://offensivedefence.co.uk/posts/dinvoke-syscalls/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a603a22a7cee78e1456eafb1a346435d2b5cf22418f79bc964879b1acdf60d58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Origin: https://offensivedefence.co.uk
Referer: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Feb 2021 15:00:49 GMT
content-encoding: gzip
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-cache-status: REVALIDATED
strict-transport-security: max-age=31536000; preload
cf-request-id: 07ffb5684400001f3dee9f5000000001
x-request-id: Fl-EOShR0u50qGRM2BQh
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, public, must-revalidate
cf-ray: 61ac8b539b021f3d-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token

GET
H2 200 avatar.png
offensivedefence.co.uk/ 7 KB
8 KB 117ms
117ms Image
image/png 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offensivedefence.co.uk/avatar.png
Requested by: Host: offensivedefence.co.uk
URL: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 29a483ca31ba92284c6cfe123adef9bef2eccae6cfd6da3ff3b0b74f009faa74

Request headers

Referer: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: 50ff098c124e339afdc56f3676a67ea0ad161896
date: Mon, 01 Feb 2021 15:00:50 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
content-length: 7591
x-served-by: cache-cph20634-CPH
last-modified: Sun, 24 Jan 2021 19:59:05 GMT
server: GitHub.com
x-github-request-id: F842:2A04:89BA82:922446:6017FE16
x-timer: S1612191650.919257,VS0,VE99
etag: "600dd189-1da7"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Mon, 01 Feb 2021 13:21:50 GMT
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 rings.png
offensivedefence.co.uk/images/dinvoke-syscalls/ 62 KB
62 KB 174ms
174ms Image
image/png 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offensivedefence.co.uk/images/dinvoke-syscalls/rings.png
Requested by: Host: offensivedefence.co.uk
URL: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: a3f9a03bc04d775978424aed7a4b74fa59068a52dcdcb734dc2a2e8795d9d8df

Request headers

Referer: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: 8a5af2f6678c8983bc38b29a25b4d4772bf58eea
date: Mon, 01 Feb 2021 15:00:50 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
x-cache-hits: 0
content-length: 63514
x-served-by: cache-cph20634-CPH
last-modified: Sun, 24 Jan 2021 19:59:05 GMT
server: GitHub.com
x-github-request-id: 68DE:6DB2:497C5A:4E67BB:601817A1
x-timer: S1612191650.986128,VS0,VE126
etag: "600dd189-f81a"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
expires: Mon, 01 Feb 2021 15:10:50 GMT

GET
H2 200 api.png
offensivedefence.co.uk/images/dinvoke-syscalls/ 61 KB
61 KB 197ms
195ms Image
image/png 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offensivedefence.co.uk/images/dinvoke-syscalls/api.png
Requested by: Host: offensivedefence.co.uk
URL: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 0ac75ae79a77428d762065560216afa99ae5c7f9dedb3fe1b33f5887c5d6ba1e

Request headers

Referer: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: cabe5cf581e10291309be330b404a9404d613b18
date: Mon, 01 Feb 2021 15:00:50 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
x-cache-hits: 0
content-length: 62428
x-served-by: cache-cph20634-CPH
last-modified: Sun, 24 Jan 2021 19:59:05 GMT
server: GitHub.com
x-github-request-id: A80C:EDCD:FBAFF5:10A0D48:601817A1
x-timer: S1612191650.992542,VS0,VE129
etag: "600dd189-f3dc"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
expires: Mon, 01 Feb 2021 15:10:50 GMT

GET
H2 200 openprocess.png
offensivedefence.co.uk/images/dinvoke-syscalls/ 137 KB
137 KB 180ms
178ms Image
image/png 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offensivedefence.co.uk/images/dinvoke-syscalls/openprocess.png
Requested by: Host: offensivedefence.co.uk
URL: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: d53682ca3de1b91004bca25ec845e276f28b27976272224125e01bd31ac98080

Request headers

Referer: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: 4adcf7d4ca87c426503cfbcc48af99ab14ff1375
date: Mon, 01 Feb 2021 15:00:50 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
x-cache-hits: 0
content-length: 140102
x-served-by: cache-cph20634-CPH
last-modified: Sun, 24 Jan 2021 19:59:05 GMT
server: GitHub.com
x-github-request-id: F5AE:B52B:7FE8BE:87CA3C:601817A0
x-timer: S1612191650.992527,VS0,VE127
etag: "600dd189-22346"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
expires: Mon, 01 Feb 2021 15:10:50 GMT

GET
H2 200 hooks.png
offensivedefence.co.uk/images/dinvoke-syscalls/ 61 KB
62 KB 150ms
149ms Image
image/png 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offensivedefence.co.uk/images/dinvoke-syscalls/hooks.png
Requested by: Host: offensivedefence.co.uk
URL: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: fbeee043d1fee7984c210c749b07767d8744969b3b62462f267a0a3fb29653c4

Request headers

Referer: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: 943a8c675a9cd62f8d94e21adf86b63363d51553
date: Mon, 01 Feb 2021 15:00:50 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
x-cache-hits: 0
content-length: 62848
x-served-by: cache-cph20634-CPH
last-modified: Sun, 24 Jan 2021 19:59:05 GMT
server: GitHub.com
x-github-request-id: 8A9A:FA78:917B60:9A3178:601817A1
x-timer: S1612191650.992486,VS0,VE106
etag: "600dd189-f580"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
expires: Mon, 01 Feb 2021 15:10:50 GMT

GET
H2 200 injection-trace.png
offensivedefence.co.uk/images/dinvoke-syscalls/ 55 KB
56 KB 125ms
124ms Image
image/png 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offensivedefence.co.uk/images/dinvoke-syscalls/injection-trace.png
Requested by: Host: offensivedefence.co.uk
URL: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: cd707cb9dc5a1142544c91947fb2b7a6c9388b8f864bda827d58bff586c121c0

Request headers

Referer: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: d69e64960ff9554b5de28922588438c44cd30d0d
date: Mon, 01 Feb 2021 15:00:50 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
x-cache-hits: 0
content-length: 56658
x-served-by: cache-cph20634-CPH
last-modified: Sun, 24 Jan 2021 19:59:05 GMT
server: GitHub.com
x-github-request-id: A72C:6DB4:EE02BF:FBA153:601817A1
x-timer: S1612191650.992613,VS0,VE104
etag: "600dd189-dd52"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
expires: Mon, 01 Feb 2021 15:10:50 GMT

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v5.15.2/css/ 59 KB
13 KB 95ms
93ms Fetch
text/css 2606:4700:e6::ac40:cb1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.2/css/free.min.css?token=89e1a73a2b
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/89e1a73a2b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:cb1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c7bba7deb64ff95e98f7ac8cd0d3b675a4bcf02f302e57edc5a1d6fa3d6cf94

Request headers

Referer: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Feb 2021 15:00:50 GMT
via: 1.1 0e47e65a81d7993af7f63688479ecb91.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 688204
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
cf-request-id: 07ffb568c2000006143631d000000001
last-modified: Wed, 13 Jan 2021 18:32:18 GMT
server: cloudflare
etag: W/"4ecc071b77d6b1790fa9fb8a5173f972"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cqLhBDIUkhg4gneJ30N%2FKOCXEwF5ZG03EZ4ZInCKsPInHOeVPq7qyV8y0oWmuN3xCOrKSj%2F1jeu9Z1Kj8tFgZTTdq4DTWW0SlXtDYnzvjDBQZhBEHS5xlcGf3PTwrRhUFg%3D%3D"}],"max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
x-amz-cf-pop: BRU50-C1
cf-ray: 61ac8b546bc20614-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: -3TFRI97BlhTqi86AYgeUuRbqowMoHpiacaopdfLF_tO6YhPczs3eQ==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v5.15.2/css/ 26 KB
4 KB 37ms
35ms Fetch
text/css 2606:4700:e6::ac40:cb1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.2/css/free-v4-shims.min.css?token=89e1a73a2b
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/89e1a73a2b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:cb1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7cc3c57f9bda4c6dcb83bb3c19f2f2aa86ecec6274e243cd4ec315ae8e30101

Request headers

Referer: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Feb 2021 15:00:50 GMT
via: 1.1 2f0580a0593ad9d3fb82aee9226d8179.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 673099
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
cf-request-id: 07ffb568c40000061426acc000000001
last-modified: Wed, 13 Jan 2021 18:32:17 GMT
server: cloudflare
etag: W/"1848e71668f42835079e5fa2af6cf4a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=m21O9yGGoCQggiKPh5Hi6oHabpeCG3jGP2gksBwXvujU4wZ1z3oFklJYtPXGGPdXbhq%2BEmVBLMKxpz5v%2BHXS3X6l5m72Bfo0xWQVa9Pi6OqOiuSLN2sDV7ifiTMOs1fAMg%3D%3D"}],"max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
x-amz-cf-pop: FRA6-C1
cf-ray: 61ac8b546bcd0614-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: hiIIO7Wmzmx0E_10hcOqUqILGeBnS6M0vAdjgDt7m-j3s4b601E9vQ==

GET
H2 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v5.15.2/css/ 3 KB
1 KB 55ms
54ms Fetch
text/css 2606:4700:e6::ac40:cb1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.2/css/free-v4-font-face.min.css?token=89e1a73a2b
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/89e1a73a2b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:cb1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87a2729abe4d824617c1cf16d8cd2aa780095253d7b237655e654f926872d58e

Request headers

Referer: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Feb 2021 15:00:50 GMT
via: 1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 673099
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
cf-request-id: 07ffb568c400000614f8a7a000000001
last-modified: Wed, 13 Jan 2021 18:32:16 GMT
server: cloudflare
etag: W/"252773908df2cc3deb0e09dc1817e64b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=uUooFItVjOgvaCIDt219otWA9zgI9nxLvqb9nUpIu6%2Be9idzVyFoI6D4UG5Tb7M9FkbAfYA8LuYGPe2CJolpXpnzdIDlPNWvxhW66%2F8dHg2h6Yye5pZlqR52Mt6iYtAgJw%3D%3D"}],"max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
x-amz-cf-pop: FRA56-C1
cf-ray: 61ac8b546bd90614-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: aiNvADJcnVYIbmQHe5aUCkq78ASwAYRmdAid48YraGmNh2U4LeVqvg==

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| FontAwesomeKitConfig

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ka-f.fontawesome.com
kit.fontawesome.com
offensivedefence.co.uk
185.199.110.153
2606:4700::6812:1634
2606:4700:e6::ac40:cb1c
0ac75ae79a77428d762065560216afa99ae5c7f9dedb3fe1b33f5887c5d6ba1e
29a483ca31ba92284c6cfe123adef9bef2eccae6cfd6da3ff3b0b74f009faa74
83084cbed8d1d0da67b56e46617cace3a31448f2d0b2458f43645167c601e56e
87a2729abe4d824617c1cf16d8cd2aa780095253d7b237655e654f926872d58e
8c7bba7deb64ff95e98f7ac8cd0d3b675a4bcf02f302e57edc5a1d6fa3d6cf94
a3f9a03bc04d775978424aed7a4b74fa59068a52dcdcb734dc2a2e8795d9d8df
a603a22a7cee78e1456eafb1a346435d2b5cf22418f79bc964879b1acdf60d58
cd707cb9dc5a1142544c91947fb2b7a6c9388b8f864bda827d58bff586c121c0
d53682ca3de1b91004bca25ec845e276f28b27976272224125e01bd31ac98080
d7cc3c57f9bda4c6dcb83bb3c19f2f2aa86ecec6274e243cd4ec315ae8e30101
f90f5edd436ec7b74ad05479a05705770306911f721193e7845948fb07fe1335
fbeee043d1fee7984c210c749b07767d8744969b3b62462f267a0a3fb29653c4